Cyber Security Headlines: LockBit struggles, Google’s quantum resilient key, orgs excitedly unprepared for AI

LockBit struggles to publish leaked data

Analyst1 Chief Security Strategist Jon DiMaggio published a report showing that the pernicious ransomware group shows signs of “critical operational problems” that impair its ability to run its criminal enterprise. He points to a recently announced update to its infrastructure that seems intended to cover up the fact that it still “cannot consistently host and publish large amounts of victim data through its admin panel.” The group also seemingly failed to publish the data of victims who refused to pay in several instances, and it missed a promised window to ship updated ransomware. DiMaggio reports that several affiliates left LockBit in favor of competitors as a result.

(Graham Cluley, Analyst1)

Google’s quantum resilient security key

Last week, the search giant announced plans to add quantum-resistant encryption algorithms in the upcoming Chrome 116 release. This appears to be a priority for the company, which has now introduced a similarly resilient FIDO2 security key. It uses a “novel ECC/Dilithium hybrid signature schema,” designed to work with the OpenSK initiative. Google worked with ETH Zürich to develop the hybrid signature, which uses only 20 kilobytes of memory. The company hopes it will become part of the standardized FIDO2 key specification.

(The Hacker News)

Organizations optimistic and unprepared for AI

This finding comes from a new AMD survey of 2,500 global IT leaders. The survey found that 75% of respondents remained optimistic about the benefits of AI, with 66% increasing investments in the space. Among the benefits these leaders hope AI can provide, the most common response, cited by 70%, was improving automated detection of cybersecurity threats. Despite the optimism, 46% of respondents said they weren’t ready to implement AI solutions. 19% planned to prioritize AI in the next year, and 44% planned to prioritize it in the next five years.

(IT Security Guru, AMD)

A new QR code phishing campaign

Researchers at Cofense discovered a campaign targeting a number of industries back in May. The attacks sent spam emails posing as Microsoft, Salesforce, and Cloudflare, spoofing security alerts. The messages asked users to update their account settings with two-factor authentication, presenting a QR code to scan. The codes linked to credential-stealing sites. While QR codes require an extra step in a phishing attack, they can also be easier to get past spam filters. An unnamed major US energy company received the bulk of the campaign’s phishing attempts, accounting for 29% of all messages monitored.

(Dark Reading)

Thanks to our sponsor, Veza

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

OpenAI using GPT-4 for content moderation

In an interview with Semafor, the company’s head of safety systems, Lilian Weng, said it began using its latest GPT-4 large language model for content policy enforcement. Weng pitched this as a possible solution for other firms as well. GPT-4 was specifically trained on OpenAI’s full content policy and tested with a small content sample. Humans reviewed those decisions and queried the model about the ones it got wrong. OpenAI found GPT-4 didn’t perform as well as experienced human moderators, but it did perform well against humans with basic training. This comes just as the third-party moderation firm Sama said it would no longer take work moderating harmful content for Meta, citing traumatizing exposure for employees.

(Semafor, BBC)

The attackers are coming from inside the app

According to an analysis of over 400 malware families by Recorded Future’s Insikt Group, attackers increasingly find ways to blend into legitimately used services as a way to breach networks. At least 25% of the malware families did this in some capacity over the last two years. Cloud storage proved the most commonly abused service, followed by messaging apps, email services, and social media. Telegram was the most common single app used in this approach, followed by Discord. Infostealers were the most commonly deployed malware using this technique.

Crypto recovery scams on the rise

According to a new bulletin from the Federal Bureau of Investigation, crypto investment fraud surpassed $2.5 billion in 2022, with victims losing funds through infostealers or phishing attacks that accessed their wallets. This created an opportunity for follow-on scams offering crypto recovery. Ads for such scams can appear on social media or as website ads, and scammers also reach out directly over social sites. In most cases, scammers ask for upfront funds or a “deposit.” They then either disappear completely or return an incomplete tracing report.

(Bleeping Computer)

No honor among thieves or forum members

In an analysis of computers infected with infostealers, researchers at the security firm Hudson Rock discovered 120,000 containing credentials for cybercrime forums. Combined with other credentials found on the devices, researchers were able to determine the real identities tied to these accounts. CTO Alon Gal said this shows that forum users can fall prey to the same malware they seek to use on other victims, adding that many don’t show signs of being sophisticated actors. The single forum with the most compromised users had over 57,000.

(The Record)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.